Provable Security Evaluation of Block Ciphers Against Demirci-Selcuk's Meet-in-the-Middle Attack

Cited by: 2
Author
Sun, Bing [1 ,2 ,3 ]
Affiliations
[1] Nanyang Technol Univ, Singapore 639798, Singapore
[2] Natl Univ Def Technol, Coll Liberal Arts & Sci, Changsha 410073, Peoples R China
[3] State Key Lab Cryptol, Beijing 100878, Peoples R China
Funding
National Natural Science Foundation of China;
Keywords
Ciphers; Cryptography; Tools; Sun; Upper bound; Indexes; Standards; Meet-in-the-middle; characteristic matrix; subset representation; primitive index; AES; CRYPTANALYSIS;
DOI
10.1109/TIT.2021.3058377
CLC classification number
TP [Automation technology, computer technology];
Discipline classification code
0812;
Abstract
The Demirci-Selcuk meet-in-the-middle attack is one of the most important cryptanalytic methods; it gives the best known results against round-reduced AES with respect to the number of rounds and to the tradeoffs between data, time and memory. While provable security models have already been built against differential cryptanalysis, linear cryptanalysis, impossible differential cryptanalysis and zero-correlation linear cryptanalysis, provable security against the meet-in-the-middle attack is still missing. In this paper, we propose the subset representation of a function, on the basis of which we give an algorithm that computes the exact number of parameters of the Demirci-Selcuk distinguisher for given input and output, respectively. Experiments show that this algorithm can be more efficient than the automated tool presented by Shi et al. at Asiacrypt 2018. We further extract a formula from this algorithm and show an upper bound on the length of the Demirci-Selcuk distinguisher of an iterative SPN cipher. We prove that for an SPN block cipher whose block size equals the key size, an effective Demirci-Selcuk-type meet-in-the-middle distinguisher covers at most twice the maximum of the primitive indexes of the linear layer and its inverse. As a result, we show that the known length of the Demirci-Selcuk distinguisher of AES-128 cannot be improved unless the details of the S-boxes are exploited, which demonstrates that the AES has provable security against the Demirci-Selcuk meet-in-the-middle attack.
Pages: 4838 / 4844
Number of pages: 7